Revision as of 02:13, 30 January 2014
(2 intermediate revisions by one user not shown)
Line 185:
Line 185:
= TRAINING SESSIONS=
= TRAINING SESSIONS=
−
We thank you very much for every proposal submitted.
−
The selection committee and the local board of the conference approved the following sessions:
−
== Training (March 17th, 18th) ==
−
* Mobile Security: Securing Mobile Devices & Applications. (Dave Wichers) * 2 DAY TRAINING
−
* CISO training: Managing Web & Application Security – OWASP for senior managers. (Tobias Gondrom)
−
* Hands on Simple method of the penetration testing using OWASP ZAP. (Minoru Sakai)
−
* Secure Web Development. (Jerry Hoff)
−
* Developer Security Training. (Jim Manico) * FREE 4 HOUR TRAINING
−
=
CONFERENCE SESSIONS
=
+
=
= Monday and Tuesday, March 17th - 18th =
=
−
We thank you very much for every proposal submitted
.
+
*'''''Mobile Security: Securing Mobile Devices & Applications
.
'''''<br>
−
The selection committee
and the
local board
of the
conference approved
the
following sessions:
+
'''Dave Wichers'''<br>
+
ROOM A 10am-5pm<br><br>
+
''Mobile applications enable new threats
and
attacks which introduce significant risks to
the
enterprise, and many custom applications contain significant vulnerabilities that are unknown to the team that developed them.''
+
''Considering the number
of
mobile applications available in
the
Google Play and Apple AppStore is nearing 1.5 million and vulnerabilities are skyrocketing it is imperative to perform typical application security practices. But, how is mobile different?''<br>
+
''This two-day, hands-on course enables students to understand how easily mobile devices and applications can be successfully attacked. They will learn how to identify, avoid and remediate common vulnerabilities by walking through a threat analysis and learning critical security areas such as those identified in
the
OWASP Top Ten Mobile Risks and Controls. Using state-of-the-art testing tools, students will learn how to secure mobile devices across the enterprise. Students will be able to choose from iOS or Android hands-on labs throughout the course, while they learn how easily the bad guy can compromise applications and the data they contain.''<br>
−
== Conference (March 19th, 20th) ==
−
* Management for Security Life Cycle. (Shoji Ito)
−
* Secure Escaping method for the age of HTML 5. (Yoshinori Takesako)
−
* XSS Allstars from Japan. (Yosuke Hasegawa, Masato Kinugawa, Mala)
−
* HTML 5 Security for Web Application Development. (Yoshinori Matsumoto)
−
* Inside Story of the first SaaS type WAF Service. (Kana Toko)
−
* Get Ready for the Next Big Wave of Attacks: Hacking of Leading CMS Systems. (Maty Siman, Sanjay Agnani)
−
* The fact report of attack traffic on the Internet. (Makoto Niimura)
−
* How to choose (or write) your own source code scanner. (Yu-Lu “Chris” Liu)
−
* Bad Web Apps are Good – The Broken Web Application Project.(Mordecai Kraushar)
−
* OWASP Top 10 2013. (Dave Wichers)
−
* Why OWASP AppSensor is the future of Application Security, and why you should be using it.(Dennis Groves)
−
* The OWASP Proactive Controls. (Jim Manico)
−
* eXtend Security on Xcode. (Tokuji Akamine, Raymund Pedraita)
−
* The Art and Science of Configuring SSL. (Nick Galbreath)
−
* The investigation of Web Application Vulnerabilities in Japan. (Koki Takahashi)
−
* 1 user, 10 places, 100 seconds. (Matias Madou)
−
* 12 Case Studies for the Access Controls of Web Application. (Takashi Honda)
−
* Getting a handle on mobile security. (Jerry Hoff)
−
* Penetration Testing – 7 Deadly Sines. (Marek Zmysłowski)
−
* OWASP Top 10 for PHP developers. (Tobias Zander)
−
* Preinstalled Android application poisoning. (Yoshitaka Kato)
−
* OWASP documents for every people.(Chia-Lung Albert Hsieh)
+
== Monday, March 17th==
+
* '''''Secure Web Development.''''' <br>
+
'''Jerry Hoff'''<br>
+
ROOM B 10am-6pm<br><br>
+
''Web application security is the #1 security issue for most enterprises today. This class goes through fundamental security principles for Java and .NET web developers, focusing on secure development practices.''<br>
+
''This highly interactive, intensive 2-day class provides essential Java application security training for developers, architects and software testers. The class is a combination of lecture, hands-on development and code review. Instructor bring years of hands-on security experience, and provide invaluable insight from numerous security assessments.''
+
''Participants will not only learn the most common threats against web applications, but more importantly they will learn how to also fix the problems via control based code samples and review. Each student will have their own web application they will secure and test. This class is suitable for web application software engineers, web quality assurance engineers, and web architects''.
+
''Focus will be put on covering not only the OWASP Top 10, but other common web vulnerabilities that plague modern web applications. Participants will gain a strong knowledge of web vulnerabilities, how vulnerabilities are exploited, and what security controls need to be in place to write defensible applications. Emphasis will also be placed on how these secure coding techniques relate to mobile, secure API development, and how security can be introduced throughout the SDLC.''<br>
+
* '''''Hands on Simple method of the penetration testing using OWASP ZAP'''''.<br>
+
'''Minoru Sakai'''<br>
+
ROOM C 10am - 6pm <br><br>
+
== Tuesday, March 18th ==
+
* '''''CISO training: Managing Web & Application Security – OWASP for senior managers.''''' <br>
+
'''Tobias Gondrom'''<br>
+
ROOM C 10am - 6pm <br> <br>
+
''Managing and improving your global information security organization, Leverage OWASP and common best practices to improve your security programs and organization. Achieving cost-effective application security, bringing it all together on the management level.''
+
''Considering the number of mobile applications available in the Google Play and Apple AppStore is nearing 1.5 million and vulnerabilities are skyrocketing it is imperative to perform typical application security practices. But, how is mobile different?''<br>
+
''This two-day, hands-on course enables students to understand how easily mobile devices and applications can be successfully attacked. They will learn how to identify, avoid and remediate common vulnerabilities by walking through a threat analysis and learning critical security areas such as those identified in the OWASP Top Ten Mobile Risks and Controls. Using state-of-the-art testing tools, students will learn how to secure mobile devices across the enterprise. Students will be able to choose from iOS or Android hands-on labs throughout the course, while they learn how easily the bad guy can compromise applications and the data they contain''.<br>
+
+
+
+
* '''''Developer Security Training'''''. '''_FREE TRAINING_'''<br>
+
'''Jim Manico'''<br>
+
ROOM B 1.30pm - 5.30pm <br><br>
+
''This free 4-hour training session will teach a developer about the fundamentals of secure software development practices. The session is a fast-paced combination of lecture, security testing and code review. This class will also highlight production quality API's from various languages, frameworks, and 3rd party libraries that provide production quality and scalable security controls''. <br>
+
+
+
+
= CONFERENCE SESSIONS=
+
+
== Wednesday, March 19th ==
+
+
PLENARY SESSION:
+
*OWASP Top 10 2013. (Dave Wichers)<br><br>
+
TRACK A:
+
* The OWASP Proactive Controls. (Jim Manico)
+
* OWASP documents for every people.(Chia-Lung Albert Hsieh)
+
* 12 Case Studies for the Access Controls of Web Application. (Takashi Honda)
+
* Get Ready for the Next Big Wave of Attacks: Hacking of Leading CMS Systems. (Helen Bravo, Sanjay Agnani)<br><br>
+
TRACK B:
+
* Why OWASP AppSensor is the future of Application Security, and why you should be using it.(Dennis Groves)
+
* Inside Story of the first SaaS type WAF Service. (Kana Toko)
+
* The Art and Science of Configuring SSL. (Nick Galbreath)
+
* Bad Web Apps are Good – The Broken Web Application Project.(Mordecai Kraushar)<br><br>
+
TERRACE ROOM
+
* The fact report of attack traffic on the Internet. (Makoto Niimura)
+
* The investigation of Web Application Vulnerabilities in Japan. (Koki Takahashi)
+
+
+
== Thursady, March 20th ==
+
TRACK A:
+
* eXtend Security on Xcode. (Tokuji Akamine, Raymund Pedraita)
+
* Getting a handle on mobile security. (Jerry Hoff)
+
* Preinstalled Android application poisoning. (Yoshitaka Kato)
+
* 1 user, 10 places, 100 seconds. (Matias Madou)<br><br>
+
TRACK B:
+
* HTML 5 Security for Web Application Development. (Yoshinori Matsumoto)
+
* XSS Allstars from Japan. (Yosuke Hasegawa, Masato Kinugawa, Mala)
+
* Secure Escaping method for the age of HTML 5. (Yoshinori Takesako)<br><br>
+
TERRACE ROOM
+
* Management for Security Life Cycle. (Shoji Ito)
+
* How to choose (or write) your own source code scanner. (Yu-Lu “Chris” Liu)
+
* Women in AppSec <br><br>
+
PLENARY SESSION:
+
* (Michael Coates)<br><br>
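Review bot: In the added "Tuesday, March 18th" block, the CISO training entry (Tobias Gondrom) is followed by two paragraphs that repeat the Mobile Security description word for word ("Considering the number of mobile applications..." and "This two-day, hands-on course..."), so the management session reads as a mobile hands-on lab; those two paragraphs should be dropped from that entry. The new heading "== Thursady, March 20th ==" should read "Thursday". Secure Web Development is now listed under Monday only (ROOM B 10am-6pm) while its description still calls it a 2-day class, and the closing plenary line "* (Michael Coates)" has no session title; both should be confirmed or completed. The CMS talk's first speaker also changes from Maty Siman to Helen Bravo with nothing in the revision explaining the swap, so it is worth checking that this was intended.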